[Dshield] Decompression Bombs

jayjwa jayjwa at atr2.ath.cx
Thu Feb 5 06:43:31 GMT 2004

On Wed, 4 Feb 2004, Jon R. Kibler wrote:

> I ran across this article in another maillist. Thought it may be of interest here.
> 	http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html
> The bottom line: Take an extremely large file (100s of GB) containing only a single byte value (such as x00), compress it, and you end up with a tiny file (~>64KB). Take that file and use it as an email attachment, part of a web page, etc., and when it is decompressed, it will crash the program that invoked the decompressor.

Not that I doubt you... I'm just trying to picture who sits around
compressing 100gig+ files... my entire system sits on 3gig. That must be
one lonely individual.
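
Added example, not part of the original message or the linked advisory: a size-capped zlib decompressor that stops as soon as the output passes a limit, so a highly compressible attachment cannot exhaust memory. The names bounded_decompress, DecompressionLimitExceeded and make_sample, and the 10 MiB constructed sample, are assumptions made for this illustration.

```python
import zlib


class DecompressionLimitExceeded(Exception):
    """The stream would inflate past the configured output limit."""


def bounded_decompress(data: bytes, max_output: int, chunk: int = 64 * 1024) -> bytes:
    """Inflate a zlib stream, refusing to produce more than max_output bytes."""
    d = zlib.decompressobj()
    out = bytearray()
    buf = data
    while not d.eof:
        # Allow one byte past the limit so an overrun is detectable without
        # inflating the rest of the stream. Never pass 0: zlib treats a
        # max_length of 0 as "unlimited".
        allowance = min(chunk, max_output - len(out) + 1)
        piece = d.decompress(buf, allowance)
        out += piece
        if len(out) > max_output:
            raise DecompressionLimitExceeded(
                f"output exceeds {max_output} bytes "
                f"(compressed input was {len(data)} bytes)")
        buf = d.unconsumed_tail
        if not piece and not buf and not d.eof:
            raise ValueError("truncated or incomplete zlib stream")
    return bytes(out)


def make_sample(size: int = 10 * 1024 * 1024) -> bytes:
    """Constructed sample: `size` zero bytes, compressed at level 9."""
    return zlib.compress(b"\x00" * size, 9)


if __name__ == "__main__":
    sample = make_sample()
    print(f"compressed sample: {len(sample)} bytes")
    try:
        bounded_decompress(sample, max_output=1024 * 1024)
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
```

The cap is enforced on the output as it is produced, so memory use stays near max_output regardless of what size the stream claims or implies.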

